Table of Contents

Search

  1. Preface
  2. Introduction to PowerExchange
  3. DBMOVER Configuration File
  4. Netport Jobs
  5. PowerExchange Message Logs and Destination Overrides
  6. SMF Statistics Logging and Reporting
  7. PowerExchange Security
  8. Secure Sockets Layer Support
  9. PowerExchange Alternative Network Security
  10. PowerExchange Nonrelational SQL
  11. PowerExchange Globalization
  12. Using the PowerExchange ODBC Drivers
  13. PowerExchange Datatypes and Conversion Matrix
  14. Appendix A: DTL__CAPXTIMESTAMP Time Stamps
  15. Appendix B: PowerExchange Glossary

PowerExchange SSL Architecture

PowerExchange SSL Architecture

The PowerExchange SSL architecture includes the following components:
  • PowerExchange SSL configured on Linux, UNIX, or Windows machines, which make outbound client secure connections
  • PowerExchange SSL configured on Linux, UNIX, Windows, and IBM i machines where listeners accept inbound secure connections
  • AT-TLS installed and configured on
    z/OS
    for PowerExchange listeners that accept inbound secure connections
  • PowerExchange Listener configured on z/OS configured on z/OS without SSL
  • X.509 certificates installed on each Linux, UNIX, or Windows machine in OpenSSL PEM format
  • X.509 certificates installed on IBM i and z/OS in GSK format
  • If remote peer certificate validation is performed, then the Certificate Authority that issued the remote certificate must be present as a trusted CA on the local machine
The following figure illustrates the PowerExchange SSL architecture:
You can use SSL communication for some, all, or none of the connections on a PowerExchange network.
For example, you might configure connections as follows:
  • Configure PowerExchange Listeners to use separate ports for SSL and non-SSL connections.
  • Configure the PowerCenter Integration Service client to use SSL connections to PowerExchange Listeners.
  • Configure the PowerExchange Navigator and PowerCenter clients to use non-SSL connections to PowerExchange Listeners.